Initial work on permissions with cancan

2025-10-31 00:45:35 -04:00 · 2013-04-11 21:14:27 -04:00 · 2013-04-11 21:14:27 -04:00 · 59e45fa4d3
commit 59e45fa4d3
parent 6a29eda8d9
8 changed files with 64 additions and 39 deletions
--- a/app/components/bike_brands.rb
+++ b/app/components/bike_brands.rb
@ -4,17 +4,16 @@ class BikeBrands < Netzke::Basepack::Grid
    c.model = "BikeBrand"
    c.title = "Brands"

-    if controller.current_user.user?
-      c.prohibit_update = true
-      c.prohibit_create = true
-      c.prohibit_delete = true
-    end
+    c.prohibit_update = true if cannot? :update, BikeBrand
+    c.prohibit_create = true if cannot? :create, BikeBrand
+    c.prohibit_delete = true if cannot? :delete, BikeBrand 
  end

  #override with nil to remove actions
  def default_bbar
    bbar = [ :search ]
-    bbar.concat [ :apply, :add_in_form ] if not controller.current_user.user?
+    bbar.concat [ :apply ] if can? :update, BikeBrand
+    bbar.concat [ :add_in_form ] if can? :create, BikeBrand
    bbar
  end
 end
--- a/app/components/bike_logs.rb
+++ b/app/components/bike_logs.rb
@ -54,7 +54,8 @@ class BikeLogs < Netzke::Basepack::Grid
  #override with nil to remove actions
  def default_bbar
    bbar = [ :search ]
-    bbar.concat [ :apply, :add_in_form ] if not controller.current_user.user?
+    bbar.concat [ :apply ] if can? :update, ::ActsAsLoggable::Log
+    bbar.concat [ :add_in_form ] if can? :create, ::ActsAsLoggable::Log
    bbar
  end
 =end
--- a/app/components/bike_models.rb
+++ b/app/components/bike_models.rb
@ -14,17 +14,16 @@ class BikeModels < Netzke::Basepack::Grid
      { :name => :model }
    ]

-    if controller.current_user.user?
-      c.prohibit_update = true
-      c.prohibit_create = true
-      c.prohibit_delete = true
-    end
+    c.prohibit_update = true if cannot? :update, BikeModel
+    c.prohibit_create = true if cannot? :create, BikeModel
+    c.prohibit_delete = true if cannot? :delete, BikeModel 
  end

  #override with nil to remove actions
  def default_bbar
    bbar = [ :search ]
-    bbar.concat [ :apply, :add_in_form ] if not controller.current_user.user?
+    bbar.concat [ :apply ] if can? :update, BikeModel
+    bbar.concat [ :add_in_form ] if can? :create, BikeModel
    bbar
  end
 end
--- a/app/components/transaction_logs.rb
+++ b/app/components/transaction_logs.rb
@ -29,11 +29,9 @@ class TransactionLogs < Netzke::Basepack::Grid
      }
    ]

-    if controller.current_user.user?
-      c.prohibit_update = true
-      c.prohibit_create = true
-      c.prohibit_delete = true
-    end
+    c.prohibit_update = true if cannot? :update, ::ActsAsLoggable::Log
+    c.prohibit_create = true if cannot? :create, ::ActsAsLoggable::Log
+    c.prohibit_delete = true if cannot? :delete, ::ActsAsLoggable::Log 

  end

@ -60,7 +58,8 @@ class TransactionLogs < Netzke::Basepack::Grid
  #override with nil to remove actions
  def default_bbar
    bbar = [ :search ]
-    bbar.concat [ :apply, :add_in_form ] if not controller.current_user.user?
+    bbar.concat [ :apply ] if can? :update, ::ActsAsLoggable::Log
+    bbar.concat [:add_in_form ] if can? :create, ::ActsAsLoggable::Log
    bbar
  end

--- a/app/components/user_logs.rb
+++ b/app/components/user_logs.rb
@ -14,16 +14,16 @@ class UserLogs < Netzke::Basepack::Grid
      :copy_action_id => 4
    }

-    #just users
-    if controller.current_user.user?
-      user_log_scope = lambda { |rel| rel.where(:loggable_type => 'User',:loggable_id => controller.current_user.id)}
-      user_log_strong_default_attrs.merge!( { :loggable_id => controller.current_user.id } )
-      user_log_data_store = {auto_load: true }
-    #admins and staff
-    else
+    if can? :manage, ::ActsAsLoggable::Log
+      #admins and staff
      user_log_scope = lambda { |rel| rel.where(:loggable_type => 'User',:loggable_id => session[:selected_user_id]);}
      user_log_strong_default_attrs.merge!( { :loggable_id => session[:selected_user_id] } )
      user_log_data_store = {auto_load: true }
+    else
+      #just users
+      user_log_scope = lambda { |rel| rel.where(:loggable_type => 'User',:loggable_id => controller.current_user.id)}
+      user_log_strong_default_attrs.merge!( { :loggable_id => controller.current_user.id } )
+      user_log_data_store = {auto_load: true }
    end

    c.model = "ActsAsLoggable::Log"
--- a/app/components/user_profiles.rb
+++ b/app/components/user_profiles.rb
@ -3,18 +3,18 @@ class UserProfiles < Netzke::Basepack::Grid
  def configure(c)
    super

-    if controller.current_user.user?
-      user_profiles_scope = lambda { |rel| rel.where(:user_id => controller.current_user.id);}
-      user_profiles_data_store = { auto_load: true }
-      user_profile_strong_default_attrs = {
-        :user_id => controller.current_user.id
-      }
-    else
+    if can? :manage, UserProfile
      user_profiles_scope = lambda { |rel| rel.where(:user_id => session[:selected_user_id]);}
      user_profiles_data_store = { auto_load: false}
      user_profile_strong_default_attrs = {
        :user_id => session[:selected_user_id]
      }
+    else
+      user_profiles_scope = lambda { |rel| rel.where(:user_id => controller.current_user.id);}
+      user_profiles_data_store = { auto_load: true }
+      user_profile_strong_default_attrs = {
+        :user_id => controller.current_user.id
+      }
    end

    c.model = "UserProfile"
--- a/app/components/user_transactions.rb
+++ b/app/components/user_transactions.rb
@ -24,17 +24,16 @@ class UserTransactions < Netzke::Basepack::Grid
      :created_at
    ]

-    if controller.current_user.user?
-      c.prohibit_update = true
-      c.prohibit_create = true
-      c.prohibit_delete = true
-    end
+    c.prohibit_update = true if cannot? :update, Transaction
+    c.prohibit_create = true if cannot? :create, Transaction
+    c.prohibit_delete = true if cannot? :delete, Transaction
  end

  #override with nil to remove actions
  def default_bbar
    bbar = [ :search ]
-    bbar.concat [ :apply, :add_in_form ] if not controller.current_user.user?
+    bbar.concat [ :apply ] if can? :update, Transaction
+    bbar.concat [ :add_in_form ] if can? :create, Transaction
    bbar
  end
 end
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@ -0,0 +1,28 @@
+class Ability
+  include CanCan::Ability
+  
+  def initialize(current_user)
+    @current_user = current_user
+    self.send(current_user.role.to_sym)
+  end
+
+  def admin
+    can :manage, :all
+  end  
+
+  def staff
+    can :manage, :all
+  end
+
+  def bike_admin
+    can :manage, Bike
+    can :manage, ::ActsAsLoggable::Log, :loggable_type => "Bike"
+  end
+
+  def user
+    can :read, :all
+    can :update, Bike, :id => @current_user.bike_id unless @current_user.bike.nil?
+    can :manage, ::ActsAsLoggable::Log, { :loggable_type => "Bike", :loggable_id => @current_user.bike_id }
+    can :manage, ::ActsAsLoggable::Log, { :loggable_type => "User", :loggable_id => @current_user.id }
+  end
+end